DBA Boundaries Blurring

As if the role of database administrators in the IT universe was not important enough, many DBAs say growing concerns about database security have increased their workload and blurred their responsibilities with respect to application development.

The transition has occurred over the last year amid a series of damaging security vulnerabilities in major DBMSes from Oracle Corp., Microsoft Corp. and IBM. The high-profile Slammer worm, which hit in late January of last year, temporarily crippled the Internet and blew through unprotected servers running Microsoft's SQL Server.

As a result of Slammer and vulnerabilities exposed in other databases, new mandatory security policies and best practices rippled across traditional boundaries in corporate IT departments. These have profoundly affected application development, the IT production environment and source code migration, resulting in heavier workloads for many DBAs.

"Before [Slammer], my focus of being a DBA was concentrating on making sure data was available in the enterprise," said Don Watters, datagroup manager at PhotoWorks Inc. "[But now it's] not just machines giving data to the enterprise, it's also our development environment, our test environment, our staging environment—basically anywhere SQL exists."

Seattle-based PhotoWorks runs a SQL Server shop along with Unix-based Pick applications on the UniVerse database in the back office. Slammer's impact did not surface until about three months after its debut—and only after it had already wreaked havoc on the online imaging provider's development environment.

Although Watters had patched his SQL Server instances against Slammer, several instances of Microsoft's SQL Server 2000 Desktop Engine, known as MSDE, were left unpatched. MSDE is often embedded within applications where it might not be administered by a DBA. Because of Slammer, PhotoWorks overhauled how it deals with its development environment by changing how it issues software patches and policies, Watters said.

SQL Server was not the only DBMS that had vulnerabilities exposed. IBM, Oracle and Sybase Inc. all reported vulnerabilities and patches to their respective DBMSes in the second half of last year. In September, IBM, of Armonk, N.Y., plugged a buffer overflow security hole in two areas of its Version 7.2 of DB2 for Linux that could allow attackers to execute malicious code using an administrator's root-level permissions. Separately, Oracle, of Redwood Shores, Calif., in November acknowledged a vulnerability based on OpenSSL that affected versions 8i and 9i of its namesake database, as well as Oracle Application Server.

For its part, Sybase, based in Dublin, Calif., last month corrected more than 50 vulnerabilities in its mobile database, SQL Anywhere. According to NGSSoftware Ltd., the security company that discovered the Sybase exposures, SQL Anywhere was vulnerable to distributed-denial-of-service attacks and buffer overruns.